CVE-2026-31998 in OpenClaw

Summary

by MITRE • 03/19/2026

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.


Analysis

by VulDB Data Team • 03/26/2026

The vulnerability identified as CVE-2026-31998 affects OpenClaw versions 2026.2.22 and 2026.2.23, specifically within the synology-chat channel plugin component. This authorization bypass flaw stems from improper implementation of access control mechanisms that should restrict agent dispatch and downstream tool actions based on user permissions. The vulnerability manifests when the dmPolicy configuration parameter is set to allowlist mode with an empty allowedUserIds array, creating a security gap that allows unauthorized access.

The flaw lies in the plugin's authorization logic, which does not enforce the allowlist when it contains no user identifiers. Instead of rejecting every request when no users are explicitly allowed, this fail-open condition admits any authenticated user who has Synology sender access. The synology-chat channel plugin therefore cannot enforce its intended access control, opening a path to privilege escalation and unauthorized system interaction.

The operational impact goes beyond unauthorized access to the channel itself. An attacker who holds Synology sender access can trigger agent dispatch, and the dispatched agent may in turn execute commands or actions in the connected tool ecosystem that the operator never intended. The bypass therefore lets an actor escalate beyond the intended access restrictions, and the resulting exposure (data exfiltration, system manipulation, or other effects) is bounded only by the capabilities of the downstream tools.

Mitigation starts with updating affected OpenClaw installations to a patched release, which corrects the authorization bypass in the synology-chat channel plugin. Configuration management should ensure that any allowlist policy is populated with valid user identifiers, since an empty allowedUserIds list is exactly the condition that triggers the bypass. Monitoring and logging of agent dispatch events should be extended so that dispatches from senders outside the intended allowlist are detected as possible exploitation attempts. The weakness is classified as CWE-284 (Improper Access Control), of which this is a specific authorization-bypass instance. In ATT&CK terms it maps to privilege escalation and defense evasion: an adversary bypasses access controls to execute unauthorized operations and maintain access within the system.
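The fail-open check described in the analysis above, beside a fail-closed version and the configuration validation the mitigation section calls for, as an added example that is not OpenClaw's own code. Only the configuration names dmPolicy and allowedUserIds come from the advisory; the function names, the config shape and the "open" policy value are assumptions made for illustration.

```javascript
// Added example (not OpenClaw's code): a direct-message sender check of the kind
// the advisory describes. `dmPolicy` and `allowedUserIds` are the names from the
// advisory; everything else here is assumed for illustration.

// Vulnerable shape: the allowlist is only consulted when it is non-empty, so an
// empty list silently turns "allowlist" into "allow everyone" (fail-open).
function isDmAllowedVulnerable(config, senderId) {
  if (config.dmPolicy === "allowlist" && config.allowedUserIds.length > 0) {
    return config.allowedUserIds.includes(senderId);
  }
  return true;
}

// Hardened shape: every branch makes an explicit decision and the default is deny.
// "allowlist" with no entries therefore admits nobody instead of everybody.
function isDmAllowed(config, senderId) {
  const ids = Array.isArray(config.allowedUserIds) ? config.allowedUserIds : [];
  switch (config.dmPolicy) {
    case "open": // assumed policy value meaning "any sender may DM"
      return true;
    case "allowlist":
      return typeof senderId === "string" && ids.includes(senderId);
    default:
      return false; // unknown or missing policy: fail closed
  }
}

// Configuration check for the mitigation the advisory recommends: refuse to load
// an allowlist policy that names no users, rather than discovering it at runtime.
function validateDmConfig(config) {
  const errors = [];
  if (config.dmPolicy === "allowlist") {
    const ids = Array.isArray(config.allowedUserIds) ? config.allowedUserIds : [];
    if (ids.length === 0) {
      errors.push("dmPolicy=allowlist requires a non-empty allowedUserIds");
    }
    if (ids.some((id) => typeof id !== "string" || id.trim() === "")) {
      errors.push("allowedUserIds contains a blank entry");
    }
  } else if (config.dmPolicy !== "open") {
    errors.push(`unknown dmPolicy: ${String(config.dmPolicy)}`);
  }
  return errors;
}
```

Running validateDmConfig at plugin load turns the empty-allowlist condition into a startup error instead of a silent grant, and a deny result from isDmAllowed is the event worth logging for the detection the advisory suggests.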

Responsible: VulnCheck

Reservation: 03/10/2026

Disclosure: 03/19/2026

Moderation: accepted

CPE: ready

EPSS: 0.00071

KEV: no

Activities: very low
